]> Git Repo - qemu.git/blame - hw/scsi/lsi53c895a.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Include qemu/module.h where needed, drop it from qemu-common.h
[qemu.git] / hw / scsi / lsi53c895a.c
CommitLineData
5fafdf24 1/*
7d8406be
PB		 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
6 *
8e31bf38 7 * This code is licensed under the LGPL.
7d8406be
PB		 8 */
9
ceae18bd
HP		 10/* Note:
11 * LSI53C810 emulation is incorrect, in the sense that it supports
12 * features added in later evolutions. This should not be a problem,
13 * as well-behaved operating systems will not try to use them.
14 */
15
a4ab4792 16#include "qemu/osdep.h"
777aec7a 17
83c9f4ca
PB		 18#include "hw/hw.h"
19#include "hw/pci/pci.h"
0d09e41a 20#include "hw/scsi/scsi.h"
9c17d615 21#include "sysemu/dma.h"
85a20bc4 22#include "qemu/log.h"
0b8fa32f 23#include "qemu/module.h"
c921370b 24#include "trace.h"
7d8406be 25
64eb7491
HP		 26static const char *names[] = {
27 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG",
28 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2",
29 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17",
30 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3",
31 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD",
32 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3",
33 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3",
34 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3",
35 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL",
36 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3",
37 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57",
38 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3",
39};
64eb7491 40
18e08a55
MT		 41#define LSI_MAX_DEVS 7
42
7d8406be
PB		 43#define LSI_SCNTL0_TRG 0x01
44#define LSI_SCNTL0_AAP 0x02
45#define LSI_SCNTL0_EPC 0x08
46#define LSI_SCNTL0_WATN 0x10
47#define LSI_SCNTL0_START 0x20
48
49#define LSI_SCNTL1_SST 0x01
50#define LSI_SCNTL1_IARB 0x02
51#define LSI_SCNTL1_AESP 0x04
52#define LSI_SCNTL1_RST 0x08
53#define LSI_SCNTL1_CON 0x10
54#define LSI_SCNTL1_DHP 0x20
55#define LSI_SCNTL1_ADB 0x40
56#define LSI_SCNTL1_EXC 0x80
57
58#define LSI_SCNTL2_WSR 0x01
59#define LSI_SCNTL2_VUE0 0x02
60#define LSI_SCNTL2_VUE1 0x04
61#define LSI_SCNTL2_WSS 0x08
62#define LSI_SCNTL2_SLPHBEN 0x10
63#define LSI_SCNTL2_SLPMD 0x20
64#define LSI_SCNTL2_CHM 0x40
65#define LSI_SCNTL2_SDU 0x80
66
67#define LSI_ISTAT0_DIP 0x01
68#define LSI_ISTAT0_SIP 0x02
69#define LSI_ISTAT0_INTF 0x04
70#define LSI_ISTAT0_CON 0x08
71#define LSI_ISTAT0_SEM 0x10
72#define LSI_ISTAT0_SIGP 0x20
73#define LSI_ISTAT0_SRST 0x40
74#define LSI_ISTAT0_ABRT 0x80
75
76#define LSI_ISTAT1_SI 0x01
77#define LSI_ISTAT1_SRUN 0x02
78#define LSI_ISTAT1_FLSH 0x04
79
80#define LSI_SSTAT0_SDP0 0x01
81#define LSI_SSTAT0_RST 0x02
82#define LSI_SSTAT0_WOA 0x04
83#define LSI_SSTAT0_LOA 0x08
84#define LSI_SSTAT0_AIP 0x10
85#define LSI_SSTAT0_OLF 0x20
86#define LSI_SSTAT0_ORF 0x40
87#define LSI_SSTAT0_ILF 0x80
88
89#define LSI_SIST0_PAR 0x01
90#define LSI_SIST0_RST 0x02
91#define LSI_SIST0_UDC 0x04
92#define LSI_SIST0_SGE 0x08
93#define LSI_SIST0_RSL 0x10
94#define LSI_SIST0_SEL 0x20
95#define LSI_SIST0_CMP 0x40
96#define LSI_SIST0_MA 0x80
97
98#define LSI_SIST1_HTH 0x01
99#define LSI_SIST1_GEN 0x02
100#define LSI_SIST1_STO 0x04
101#define LSI_SIST1_SBMC 0x10
102
103#define LSI_SOCL_IO 0x01
104#define LSI_SOCL_CD 0x02
105#define LSI_SOCL_MSG 0x04
106#define LSI_SOCL_ATN 0x08
107#define LSI_SOCL_SEL 0x10
108#define LSI_SOCL_BSY 0x20
109#define LSI_SOCL_ACK 0x40
110#define LSI_SOCL_REQ 0x80
111
112#define LSI_DSTAT_IID 0x01
113#define LSI_DSTAT_SIR 0x04
114#define LSI_DSTAT_SSI 0x08
115#define LSI_DSTAT_ABRT 0x10
116#define LSI_DSTAT_BF 0x20
117#define LSI_DSTAT_MDPE 0x40
118#define LSI_DSTAT_DFE 0x80
119
120#define LSI_DCNTL_COM 0x01
121#define LSI_DCNTL_IRQD 0x02
122#define LSI_DCNTL_STD 0x04
123#define LSI_DCNTL_IRQM 0x08
124#define LSI_DCNTL_SSM 0x10
125#define LSI_DCNTL_PFEN 0x20
126#define LSI_DCNTL_PFF 0x40
127#define LSI_DCNTL_CLSE 0x80
128
129#define LSI_DMODE_MAN 0x01
130#define LSI_DMODE_BOF 0x02
131#define LSI_DMODE_ERMP 0x04
132#define LSI_DMODE_ERL 0x08
133#define LSI_DMODE_DIOM 0x10
134#define LSI_DMODE_SIOM 0x20
135
136#define LSI_CTEST2_DACK 0x01
137#define LSI_CTEST2_DREQ 0x02
138#define LSI_CTEST2_TEOP 0x04
139#define LSI_CTEST2_PCICIE 0x08
140#define LSI_CTEST2_CM 0x10
141#define LSI_CTEST2_CIO 0x20
142#define LSI_CTEST2_SIGP 0x40
143#define LSI_CTEST2_DDIR 0x80
144
145#define LSI_CTEST5_BL2 0x04
146#define LSI_CTEST5_DDIR 0x08
147#define LSI_CTEST5_MASR 0x10
148#define LSI_CTEST5_DFSN 0x20
149#define LSI_CTEST5_BBCK 0x40
150#define LSI_CTEST5_ADCK 0x80
151
152#define LSI_CCNTL0_DILS 0x01
153#define LSI_CCNTL0_DISFC 0x10
154#define LSI_CCNTL0_ENNDJ 0x20
155#define LSI_CCNTL0_PMJCTL 0x40
156#define LSI_CCNTL0_ENPMJ 0x80
157
b25cf589
AL		 158#define LSI_CCNTL1_EN64DBMV 0x01
159#define LSI_CCNTL1_EN64TIBMV 0x02
160#define LSI_CCNTL1_64TIMOD 0x04
161#define LSI_CCNTL1_DDAC 0x08
162#define LSI_CCNTL1_ZMOD 0x80
163
12dd89f7
SS		 164#define LSI_SBCL_ATN 0x08
165#define LSI_SBCL_BSY 0x20
166#define LSI_SBCL_ACK 0x40
167#define LSI_SBCL_REQ 0x80
168
e560125e
LA		 169/* Enable Response to Reselection */
170#define LSI_SCID_RRE 0x60
171
b25cf589
AL		 172#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
173
7d8406be
PB		 174#define PHASE_DO 0
175#define PHASE_DI 1
176#define PHASE_CMD 2
177#define PHASE_ST 3
178#define PHASE_MO 6
179#define PHASE_MI 7
180#define PHASE_MASK 7
181
a917d384
PB		 182/* Maximum length of MSG IN data. */
183#define LSI_MAX_MSGIN_LEN 8
184
185/* Flag set if this is a tagged command. */
186#define LSI_TAG_VALID (1 << 16)
187
042ec49d 188typedef struct lsi_request {
5c6c0e51 189 SCSIRequest *req;
a917d384 190 uint32_t tag;
b96a0da0
GH		 191 uint32_t dma_len;
192 uint8_t *dma_buf;
a917d384
PB		 193 uint32_t pending;
194 int out;
042ec49d
GH		 195 QTAILQ_ENTRY(lsi_request) next;
196} lsi_request;
4d611c9a 197
f08ec2b8
SS		 198enum {
199 LSI_NOWAIT, /* SCRIPTS are running or stopped */
200 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */
201 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */
202 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */
203};
204
4ae63d37
SS		 205enum {
206 LSI_MSG_ACTION_COMMAND = 0,
207 LSI_MSG_ACTION_DISCONNECT = 1,
208 LSI_MSG_ACTION_DOUT = 2,
209 LSI_MSG_ACTION_DIN = 3,
210};
211
7d8406be 212typedef struct {
725eec70
AF		 213 /*< private >*/
214 PCIDevice parent_obj;
215 /*< public >*/
216
3cc1b9cb 217 qemu_irq ext_irq;
b0ce84e5
AK		 218 MemoryRegion mmio_io;
219 MemoryRegion ram_io;
220 MemoryRegion io_io;
a8632434 221 AddressSpace pci_io_as;
7d8406be
PB		 222
223 int carry; /* ??? Should this be an a visible register somewhere? */
2f172849 224 int status;
a917d384
PB		 225 int msg_action;
226 int msg_len;
227 uint8_t msg[LSI_MAX_MSGIN_LEN];
7d8406be 228 int waiting;
ca9c39fa 229 SCSIBus bus;
7d8406be 230 int current_lun;
a917d384 231 /* The tag is a combination of the device ID and the SCSI tag. */
af12ac98 232 uint32_t select_tag;
8ccc2ace 233 int command_complete;
042ec49d 234 QTAILQ_HEAD(, lsi_request) queue;
af12ac98 235 lsi_request *current;
7d8406be
PB		 236
237 uint32_t dsa;
238 uint32_t temp;
239 uint32_t dnad;
240 uint32_t dbc;
241 uint8_t istat0;
242 uint8_t istat1;
243 uint8_t dcmd;
244 uint8_t dstat;
245 uint8_t dien;
246 uint8_t sist0;
247 uint8_t sist1;
248 uint8_t sien0;
249 uint8_t sien1;
250 uint8_t mbox0;
251 uint8_t mbox1;
252 uint8_t dfifo;
9167a69a 253 uint8_t ctest2;
7d8406be
PB		 254 uint8_t ctest3;
255 uint8_t ctest4;
256 uint8_t ctest5;
257 uint8_t ccntl0;
258 uint8_t ccntl1;
259 uint32_t dsp;
260 uint32_t dsps;
261 uint8_t dmode;
262 uint8_t dcntl;
263 uint8_t scntl0;
264 uint8_t scntl1;
265 uint8_t scntl2;
266 uint8_t scntl3;
267 uint8_t sstat0;
268 uint8_t sstat1;
269 uint8_t scid;
270 uint8_t sxfer;
271 uint8_t socl;
272 uint8_t sdid;
a917d384 273 uint8_t ssid;
7d8406be 274 uint8_t sfbr;
12dd89f7 275 uint8_t sbcl;
7d8406be
PB		 276 uint8_t stest1;
277 uint8_t stest2;
278 uint8_t stest3;
a917d384 279 uint8_t sidl;
7d8406be
PB		 280 uint8_t stime0;
281 uint8_t respid0;
282 uint8_t respid1;
283 uint32_t mmrs;
284 uint32_t mmws;
285 uint32_t sfs;
286 uint32_t drs;
287 uint32_t sbms;
ab57d967 288 uint32_t dbms;
7d8406be
PB		 289 uint32_t dnad64;
290 uint32_t pmjad1;
291 uint32_t pmjad2;
292 uint32_t rbc;
293 uint32_t ua;
294 uint32_t ia;
295 uint32_t sbc;
296 uint32_t csbc;
dcfb9014 297 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
bd8ee11a 298 uint8_t sbr;
6f84da3a 299 uint32_t adder;
7d8406be 300
811a75ba 301 uint8_t script_ram[2048 * sizeof(uint32_t)];
7d8406be
PB		 302} LSIState;
303
ceae18bd 304#define TYPE_LSI53C810 "lsi53c810"
71186c86
PC		 305#define TYPE_LSI53C895A "lsi53c895a"
306
307#define LSI53C895A(obj) \
308 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A)
309
82cf2bcf
SS		 310static const char *scsi_phases[] = {
311 "DOUT",
312 "DIN",
313 "CMD",
314 "STATUS",
315 "RSVOUT",
316 "RSVIN",
317 "MSGOUT",
318 "MSGIN"
319};
320
321static const char *scsi_phase_name(int phase)
322{
323 return scsi_phases[phase & PHASE_MASK];
324}
325
e560125e
LA		 326static inline int lsi_irq_on_rsl(LSIState *s)
327{
328 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
329}
330
56333e69
GK		 331static lsi_request *get_pending_req(LSIState *s)
332{
333 lsi_request *p;
334
335 QTAILQ_FOREACH(p, &s->queue, next) {
336 if (p->pending) {
337 return p;
338 }
339 }
340 return NULL;
341}
342
7d8406be
PB		 343static void lsi_soft_reset(LSIState *s)
344{
c921370b 345 trace_lsi_reset();
7d8406be
PB		 346 s->carry = 0;
347
4ae63d37 348 s->msg_action = LSI_MSG_ACTION_COMMAND;
d43ba0af 349 s->msg_len = 0;
f08ec2b8 350 s->waiting = LSI_NOWAIT;
7d8406be
PB		 351 s->dsa = 0;
352 s->dnad = 0;
353 s->dbc = 0;
354 s->temp = 0;
355 memset(s->scratch, 0, sizeof(s->scratch));
356 s->istat0 = 0;
357 s->istat1 = 0;
12aa6dd6 358 s->dcmd = 0x40;
98f62e3d 359 s->dstat = 0;
7d8406be
PB		 360 s->dien = 0;
361 s->sist0 = 0;
362 s->sist1 = 0;
363 s->sien0 = 0;
364 s->sien1 = 0;
365 s->mbox0 = 0;
366 s->mbox1 = 0;
367 s->dfifo = 0;
12aa6dd6 368 s->ctest2 = LSI_CTEST2_DACK;
7d8406be
PB		 369 s->ctest3 = 0;
370 s->ctest4 = 0;
371 s->ctest5 = 0;
372 s->ccntl0 = 0;
373 s->ccntl1 = 0;
374 s->dsp = 0;
375 s->dsps = 0;
376 s->dmode = 0;
377 s->dcntl = 0;
378 s->scntl0 = 0xc0;
379 s->scntl1 = 0;
380 s->scntl2 = 0;
381 s->scntl3 = 0;
382 s->sstat0 = 0;
383 s->sstat1 = 0;
384 s->scid = 7;
385 s->sxfer = 0;
386 s->socl = 0;
12aa6dd6
JK		 387 s->sdid = 0;
388 s->ssid = 0;
12dd89f7 389 s->sbcl = 0;
7d8406be
PB		 390 s->stest1 = 0;
391 s->stest2 = 0;
392 s->stest3 = 0;
a917d384 393 s->sidl = 0;
7d8406be
PB		 394 s->stime0 = 0;
395 s->respid0 = 0x80;
396 s->respid1 = 0;
397 s->mmrs = 0;
398 s->mmws = 0;
399 s->sfs = 0;
400 s->drs = 0;
401 s->sbms = 0;
ab57d967 402 s->dbms = 0;
7d8406be
PB		 403 s->dnad64 = 0;
404 s->pmjad1 = 0;
405 s->pmjad2 = 0;
406 s->rbc = 0;
407 s->ua = 0;
408 s->ia = 0;
409 s->sbc = 0;
410 s->csbc = 0;
bd8ee11a 411 s->sbr = 0;
2f0772c5
PB		 412 assert(QTAILQ_EMPTY(&s->queue));
413 assert(!s->current);
7d8406be
PB		 414}
415
b25cf589
AL		 416static int lsi_dma_40bit(LSIState *s)
417{
418 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
419 return 1;
420 return 0;
421}
422
dd8edf01
AL		 423static int lsi_dma_ti64bit(LSIState *s)
424{
425 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
426 return 1;
427 return 0;
428}
429
430static int lsi_dma_64bit(LSIState *s)
431{
432 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
433 return 1;
434 return 0;
435}
436
7d8406be
PB		 437static uint8_t lsi_reg_readb(LSIState *s, int offset);
438static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
4d611c9a 439static void lsi_execute_script(LSIState *s);
aa4d32c4 440static void lsi_reselect(LSIState *s, lsi_request *p);
7d8406be 441
3975bb56 442static inline void lsi_mem_read(LSIState *s, dma_addr_t addr,
a8632434
HP		 443 void *buf, dma_addr_t len)
444{
445 if (s->dmode & LSI_DMODE_SIOM) {
446 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
447 buf, len);
a8632434 448 } else {
3975bb56 449 pci_dma_read(PCI_DEVICE(s), addr, buf, len);
a8632434
HP		 450 }
451}
452
3975bb56 453static inline void lsi_mem_write(LSIState *s, dma_addr_t addr,
a8632434
HP		 454 const void *buf, dma_addr_t len)
455{
456 if (s->dmode & LSI_DMODE_DIOM) {
457 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
458 buf, len);
a8632434 459 } else {
3975bb56 460 pci_dma_write(PCI_DEVICE(s), addr, buf, len);
a8632434
HP		 461 }
462}
463
7d8406be
PB		 464static inline uint32_t read_dword(LSIState *s, uint32_t addr)
465{
466 uint32_t buf;
467
725eec70 468 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4);
7d8406be
PB		 469 return cpu_to_le32(buf);
470}
471
472static void lsi_stop_script(LSIState *s)
473{
474 s->istat1 &= ~LSI_ISTAT1_SRUN;
475}
476
3cc1b9cb 477static void lsi_set_irq(LSIState *s, int level)
7d8406be 478{
725eec70 479 PCIDevice *d = PCI_DEVICE(s);
3cc1b9cb
MCA		 480
481 if (s->ext_irq) {
482 qemu_set_irq(s->ext_irq, level);
483 } else {
484 pci_set_irq(d, level);
485 }
486}
487
488static void lsi_update_irq(LSIState *s)
489{
7d8406be
PB		 490 int level;
491 static int last_level;
492
493 /* It's unclear whether the DIP/SIP bits should be cleared when the
494 Interrupt Status Registers are cleared or when istat0 is read.
495 We currently do the formwer, which seems to work. */
496 level = 0;
497 if (s->dstat) {
498 if (s->dstat & s->dien)
499 level = 1;
500 s->istat0 |= LSI_ISTAT0_DIP;
501 } else {
502 s->istat0 &= ~LSI_ISTAT0_DIP;
503 }
504
505 if (s->sist0 || s->sist1) {
506 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
507 level = 1;
508 s->istat0 |= LSI_ISTAT0_SIP;
509 } else {
510 s->istat0 &= ~LSI_ISTAT0_SIP;
511 }
512 if (s->istat0 & LSI_ISTAT0_INTF)
513 level = 1;
514
515 if (level != last_level) {
c921370b 516 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0);
7d8406be
PB		 517 last_level = level;
518 }
3cc1b9cb 519 lsi_set_irq(s, level);
e560125e 520
56333e69
GK		 521 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
522 lsi_request *p;
523
c921370b 524 trace_lsi_update_irq_disconnected();
56333e69
GK		 525 p = get_pending_req(s);
526 if (p) {
527 lsi_reselect(s, p);
e560125e
LA		 528 }
529 }
7d8406be
PB		 530}
531
532/* Stop SCRIPTS execution and raise a SCSI interrupt. */
533static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
534{
535 uint32_t mask0;
536 uint32_t mask1;
537
c921370b 538 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0);
7d8406be
PB		 539 s->sist0 |= stat0;
540 s->sist1 |= stat1;
541 /* Stop processor on fatal or unmasked interrupt. As a special hack
542 we don't stop processing when raising STO. Instead continue
543 execution and stop at the next insn that accesses the SCSI bus. */
544 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
545 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
546 mask1 &= ~LSI_SIST1_STO;
547 if (s->sist0 & mask0 || s->sist1 & mask1) {
548 lsi_stop_script(s);
549 }
550 lsi_update_irq(s);
551}
552
553/* Stop SCRIPTS execution and raise a DMA interrupt. */
554static void lsi_script_dma_interrupt(LSIState *s, int stat)
555{
c921370b 556 trace_lsi_script_dma_interrupt(stat, s->dstat);
7d8406be
PB		 557 s->dstat |= stat;
558 lsi_update_irq(s);
559 lsi_stop_script(s);
560}
561
562static inline void lsi_set_phase(LSIState *s, int phase)
563{
12dd89f7
SS		 564 s->sbcl &= ~PHASE_MASK;
565 s->sbcl |= phase | LSI_SBCL_REQ;
7d8406be
PB		 566 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
567}
568
569static void lsi_bad_phase(LSIState *s, int out, int new_phase)
570{
571 /* Trigger a phase mismatch. */
572 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
d1d74664
PB		 573 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
574 s->dsp = out ? s->pmjad1 : s->pmjad2;
7d8406be 575 } else {
d1d74664 576 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
7d8406be 577 }
c921370b 578 trace_lsi_bad_phase_jump(s->dsp);
7d8406be 579 } else {
c921370b 580 trace_lsi_bad_phase_interrupt();
7d8406be
PB		 581 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
582 lsi_stop_script(s);
583 }
584 lsi_set_phase(s, new_phase);
585}
586
a917d384
PB		 587
588/* Resume SCRIPTS execution after a DMA operation. */
589static void lsi_resume_script(LSIState *s)
590{
591 if (s->waiting != 2) {
f08ec2b8 592 s->waiting = LSI_NOWAIT;
a917d384
PB		 593 lsi_execute_script(s);
594 } else {
f08ec2b8 595 s->waiting = LSI_NOWAIT;
a917d384
PB		 596 }
597}
598
64d56409
JK		 599static void lsi_disconnect(LSIState *s)
600{
601 s->scntl1 &= ~LSI_SCNTL1_CON;
602 s->sstat1 &= ~PHASE_MASK;
12dd89f7 603 s->sbcl = 0;
64d56409
JK		 604}
605
606static void lsi_bad_selection(LSIState *s, uint32_t id)
607{
c921370b 608 trace_lsi_bad_selection(id);
64d56409
JK		 609 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
610 lsi_disconnect(s);
611}
612
4d611c9a 613/* Initiate a SCSI layer data transfer. */
7d8406be
PB		 614static void lsi_do_dma(LSIState *s, int out)
615{
f48a7a6e 616 uint32_t count;
9ba4524c 617 dma_addr_t addr;
64d56409 618 SCSIDevice *dev;
7d8406be 619
b96a0da0
GH		 620 assert(s->current);
621 if (!s->current->dma_len) {
a917d384 622 /* Wait until data is available. */
c921370b 623 trace_lsi_do_dma_unavailable();
a917d384 624 return;
7d8406be
PB		 625 }
626
f48a7a6e
PB		 627 dev = s->current->req->dev;
628 assert(dev);
64d56409 629
a917d384 630 count = s->dbc;
b96a0da0
GH		 631 if (count > s->current->dma_len)
632 count = s->current->dma_len;
a917d384
PB		 633
634 addr = s->dnad;
dd8edf01
AL		 635 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
636 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
b25cf589 637 addr |= ((uint64_t)s->dnad64 << 32);
dd8edf01
AL		 638 else if (s->dbms)
639 addr |= ((uint64_t)s->dbms << 32);
b25cf589
AL		 640 else if (s->sbms)
641 addr |= ((uint64_t)s->sbms << 32);
642
c921370b 643 trace_lsi_do_dma(addr, count);
7d8406be 644 s->csbc += count;
a917d384
PB		 645 s->dnad += count;
646 s->dbc -= count;
5c6c0e51 647 if (s->current->dma_buf == NULL) {
0c34459b 648 s->current->dma_buf = scsi_req_get_buf(s->current->req);
a917d384 649 }
7d8406be 650 /* ??? Set SFBR to first data byte. */
a917d384 651 if (out) {
a8632434 652 lsi_mem_read(s, addr, s->current->dma_buf, count);
a917d384 653 } else {
a8632434 654 lsi_mem_write(s, addr, s->current->dma_buf, count);
a917d384 655 }
b96a0da0
GH		 656 s->current->dma_len -= count;
657 if (s->current->dma_len == 0) {
658 s->current->dma_buf = NULL;
ad3376cc 659 scsi_req_continue(s->current->req);
a917d384 660 } else {
b96a0da0 661 s->current->dma_buf += count;
a917d384
PB		 662 lsi_resume_script(s);
663 }
664}
665
666
667/* Add a command to the queue. */
668static void lsi_queue_command(LSIState *s)
669{
af12ac98 670 lsi_request *p = s->current;
a917d384 671
c921370b 672 trace_lsi_queue_command(p->tag);
af12ac98 673 assert(s->current != NULL);
b96a0da0 674 assert(s->current->dma_len == 0);
af12ac98
GH		 675 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
676 s->current = NULL;
677
a917d384
PB		 678 p->pending = 0;
679 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
680}
681
682/* Queue a byte for a MSG IN phase. */
683static void lsi_add_msg_byte(LSIState *s, uint8_t data)
684{
685 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
c921370b 686 trace_lsi_add_msg_byte_error();
4d611c9a 687 } else {
c921370b 688 trace_lsi_add_msg_byte(data);
a917d384 689 s->msg[s->msg_len++] = data;
7d8406be 690 }
a917d384
PB		 691}
692
693/* Perform reselection to continue a command. */
aa4d32c4 694static void lsi_reselect(LSIState *s, lsi_request *p)
a917d384 695{
a917d384
PB		 696 int id;
697
af12ac98
GH		 698 assert(s->current == NULL);
699 QTAILQ_REMOVE(&s->queue, p, next);
700 s->current = p;
701
aa4d32c4 702 id = (p->tag >> 8) & 0xf;
a917d384 703 s->ssid = id | 0x80;
cc9f28bc 704 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
f6dc18df 705 if (!(s->dcntl & LSI_DCNTL_COM)) {
cc9f28bc
LA		 706 s->sfbr = 1 << (id & 0x7);
707 }
c921370b 708 trace_lsi_reselect(id);
a917d384
PB		 709 s->scntl1 |= LSI_SCNTL1_CON;
710 lsi_set_phase(s, PHASE_MI);
4ae63d37 711 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN;
b96a0da0 712 s->current->dma_len = p->pending;
a917d384 713 lsi_add_msg_byte(s, 0x80);
af12ac98 714 if (s->current->tag & LSI_TAG_VALID) {
a917d384 715 lsi_add_msg_byte(s, 0x20);
aa4d32c4 716 lsi_add_msg_byte(s, p->tag & 0xff);
a917d384
PB		 717 }
718
e560125e
LA		 719 if (lsi_irq_on_rsl(s)) {
720 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
721 }
a917d384
PB		 722}
723
11257187 724static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
a917d384 725{
042ec49d
GH		 726 lsi_request *p;
727
728 QTAILQ_FOREACH(p, &s->queue, next) {
a917d384 729 if (p->tag == tag) {
11257187 730 return p;
a917d384
PB		 731 }
732 }
11257187
PB		 733
734 return NULL;
735}
736
d2a9998f
PB		 737static void lsi_request_free(LSIState *s, lsi_request *p)
738{
739 if (p == s->current) {
740 s->current = NULL;
741 } else {
742 QTAILQ_REMOVE(&s->queue, p, next);
743 }
744 g_free(p);
745}
746
94d3f98a
PB		 747static void lsi_request_cancelled(SCSIRequest *req)
748{
71186c86 749 LSIState *s = LSI53C895A(req->bus->qbus.parent);
c5bf71a9 750 lsi_request *p = req->hba_private;
94d3f98a 751
d2a9998f
PB		 752 req->hba_private = NULL;
753 lsi_request_free(s, p);
754 scsi_req_unref(req);
94d3f98a
PB		 755}
756
11257187
PB		 757/* Record that data is available for a queued command. Returns zero if
758 the device was reselected, nonzero if the IO is deferred. */
c5bf71a9 759static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
11257187 760{
c5bf71a9 761 lsi_request *p = req->hba_private;
11257187
PB		 762
763 if (p->pending) {
c921370b 764 trace_lsi_queue_req_error(p);
11257187 765 }
aba1f023 766 p->pending = len;
11257187
PB		 767 /* Reselect if waiting for it, or if reselection triggers an IRQ
768 and the bus is free.
769 Since no interrupt stacking is implemented in the emulation, it
770 is also required that there are no pending interrupts waiting
771 for service from the device driver. */
f08ec2b8 772 if (s->waiting == LSI_WAIT_RESELECT ||
11257187
PB		 773 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
774 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
775 /* Reselect device. */
776 lsi_reselect(s, p);
777 return 0;
778 } else {
c921370b 779 trace_lsi_queue_req(p->tag);
aba1f023 780 p->pending = len;
11257187
PB		 781 return 1;
782 }
7d8406be 783}
c6df7102
PB		 784
785 /* Callback to indicate that the SCSI layer has completed a command. */
01e95455 786static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid)
4d611c9a 787{
71186c86 788 LSIState *s = LSI53C895A(req->bus->qbus.parent);
4d611c9a
PB		 789 int out;
790
a917d384 791 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
c921370b 792 trace_lsi_command_complete(status);
aba1f023 793 s->status = status;
c6df7102
PB		 794 s->command_complete = 2;
795 if (s->waiting && s->dbc != 0) {
796 /* Raise phase mismatch for short transfers. */
797 lsi_bad_phase(s, out, PHASE_ST);
798 } else {
799 lsi_set_phase(s, PHASE_ST);
800 }
af12ac98 801
8f6e699d 802 if (req->hba_private == s->current) {
d2a9998f
PB		 803 req->hba_private = NULL;
804 lsi_request_free(s, s->current);
805 scsi_req_unref(req);
4d611c9a 806 }
c6df7102
PB		 807 lsi_resume_script(s);
808}
809
810 /* Callback to indicate that the SCSI layer has completed a transfer. */
aba1f023 811static void lsi_transfer_data(SCSIRequest *req, uint32_t len)
c6df7102 812{
71186c86 813 LSIState *s = LSI53C895A(req->bus->qbus.parent);
c6df7102 814 int out;
4d611c9a 815
8f6e699d 816 assert(req->hba_private);
f08ec2b8 817 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current ||
e560125e 818 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
c5bf71a9 819 if (lsi_queue_req(s, req, len)) {
a917d384 820 return;
5c6c0e51 821 }
a917d384 822 }
e560125e 823
c6df7102
PB		 824 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
825
e560125e 826 /* host adapter (re)connected */
c921370b 827 trace_lsi_transfer_data(req->tag, len);
aba1f023 828 s->current->dma_len = len;
8ccc2ace 829 s->command_complete = 1;
c6df7102 830 if (s->waiting) {
f08ec2b8 831 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) {
c6df7102
PB		 832 lsi_resume_script(s);
833 } else {
834 lsi_do_dma(s, out);
835 }
4d611c9a
PB		 836 }
837}
7d8406be
PB		 838
839static void lsi_do_command(LSIState *s)
840{
64d56409 841 SCSIDevice *dev;
7d8406be 842 uint8_t buf[16];
64d56409 843 uint32_t id;
7d8406be
PB		 844 int n;
845
c921370b 846 trace_lsi_do_command(s->dbc);
7d8406be
PB		 847 if (s->dbc > 16)
848 s->dbc = 16;
725eec70 849 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc);
7d8406be 850 s->sfbr = buf[0];
8ccc2ace 851 s->command_complete = 0;
af12ac98 852
259d5577 853 id = (s->select_tag >> 8) & 0xf;
0d3545e7 854 dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
64d56409
JK		 855 if (!dev) {
856 lsi_bad_selection(s, id);
857 return;
858 }
859
af12ac98 860 assert(s->current == NULL);
3c55fe2a 861 s->current = g_new0(lsi_request, 1);
af12ac98 862 s->current->tag = s->select_tag;
c39ce112 863 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf,
c5bf71a9 864 s->current);
af12ac98 865
c39ce112 866 n = scsi_req_enqueue(s->current->req);
ad3376cc
PB		 867 if (n) {
868 if (n > 0) {
869 lsi_set_phase(s, PHASE_DI);
870 } else if (n < 0) {
871 lsi_set_phase(s, PHASE_DO);
872 }
873 scsi_req_continue(s->current->req);
a917d384 874 }
8ccc2ace
TS		 875 if (!s->command_complete) {
876 if (n) {
877 /* Command did not complete immediately so disconnect. */
878 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
879 lsi_add_msg_byte(s, 4); /* DISCONNECT */
880 /* wait data */
881 lsi_set_phase(s, PHASE_MI);
4ae63d37 882 s->msg_action = LSI_MSG_ACTION_DISCONNECT;
8ccc2ace
TS		 883 lsi_queue_command(s);
884 } else {
885 /* wait command complete */
886 lsi_set_phase(s, PHASE_DI);
887 }
7d8406be
PB		 888 }
889}
890
7d8406be
PB		 891static void lsi_do_status(LSIState *s)
892{
2f172849 893 uint8_t status;
c921370b
MCA		 894 trace_lsi_do_status(s->dbc, s->status);
895 if (s->dbc != 1) {
896 trace_lsi_do_status_error();
897 }
7d8406be 898 s->dbc = 1;
2f172849
HR		 899 status = s->status;
900 s->sfbr = status;
725eec70 901 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1);
7d8406be 902 lsi_set_phase(s, PHASE_MI);
4ae63d37 903 s->msg_action = LSI_MSG_ACTION_DISCONNECT;
a917d384 904 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
7d8406be
PB		 905}
906
7d8406be
PB		 907static void lsi_do_msgin(LSIState *s)
908{
e58ccf03 909 uint8_t len;
c921370b 910 trace_lsi_do_msgin(s->dbc, s->msg_len);
a917d384
PB		 911 s->sfbr = s->msg[0];
912 len = s->msg_len;
e58ccf03 913 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN);
a917d384
PB		 914 if (len > s->dbc)
915 len = s->dbc;
725eec70 916 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
a917d384
PB		 917 /* Linux drivers rely on the last byte being in the SIDL. */
918 s->sidl = s->msg[len - 1];
919 s->msg_len -= len;
920 if (s->msg_len) {
921 memmove(s->msg, s->msg + len, s->msg_len);
7d8406be
PB		 922 } else {
923 /* ??? Check if ATN (not yet implemented) is asserted and maybe
924 switch to PHASE_MO. */
a917d384 925 switch (s->msg_action) {
4ae63d37 926 case LSI_MSG_ACTION_COMMAND:
a917d384
PB		 927 lsi_set_phase(s, PHASE_CMD);
928 break;
4ae63d37 929 case LSI_MSG_ACTION_DISCONNECT:
a917d384
PB		 930 lsi_disconnect(s);
931 break;
4ae63d37 932 case LSI_MSG_ACTION_DOUT:
a917d384
PB		 933 lsi_set_phase(s, PHASE_DO);
934 break;
4ae63d37 935 case LSI_MSG_ACTION_DIN:
a917d384
PB		 936 lsi_set_phase(s, PHASE_DI);
937 break;
938 default:
939 abort();
940 }
7d8406be
PB		 941 }
942}
943
a917d384
PB		 944/* Read the next byte during a MSGOUT phase. */
945static uint8_t lsi_get_msgbyte(LSIState *s)
946{
947 uint8_t data;
725eec70 948 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1);
a917d384
PB		 949 s->dnad++;
950 s->dbc--;
951 return data;
952}
953
444dd39b
SH		 954/* Skip the next n bytes during a MSGOUT phase. */
955static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
956{
957 s->dnad += n;
958 s->dbc -= n;
959}
960
7d8406be
PB		 961static void lsi_do_msgout(LSIState *s)
962{
963 uint8_t msg;
a917d384 964 int len;
508240c0 965 uint32_t current_tag;
5c6c0e51 966 lsi_request *current_req, *p, *p_next;
508240c0
BK		 967
968 if (s->current) {
969 current_tag = s->current->tag;
5c6c0e51 970 current_req = s->current;
508240c0
BK		 971 } else {
972 current_tag = s->select_tag;
5c6c0e51 973 current_req = lsi_find_by_tag(s, current_tag);
508240c0 974 }
7d8406be 975
c921370b 976 trace_lsi_do_msgout(s->dbc);
a917d384
PB		 977 while (s->dbc) {
978 msg = lsi_get_msgbyte(s);
979 s->sfbr = msg;
980
981 switch (msg) {
77203ea0 982 case 0x04:
c921370b 983 trace_lsi_do_msgout_disconnect();
a917d384
PB		 984 lsi_disconnect(s);
985 break;
986 case 0x08:
c921370b 987 trace_lsi_do_msgout_noop();
a917d384
PB		 988 lsi_set_phase(s, PHASE_CMD);
989 break;
990 case 0x01:
991 len = lsi_get_msgbyte(s);
992 msg = lsi_get_msgbyte(s);
f3f5b867 993 (void)len; /* avoid a warning about unused variable*/
c921370b 994 trace_lsi_do_msgout_extended(msg, len);
a917d384
PB		 995 switch (msg) {
996 case 1:
c921370b 997 trace_lsi_do_msgout_ignored("SDTR");
444dd39b 998 lsi_skip_msgbytes(s, 2);
a917d384
PB		 999 break;
1000 case 3:
c921370b 1001 trace_lsi_do_msgout_ignored("WDTR");
444dd39b 1002 lsi_skip_msgbytes(s, 1);
a917d384 1003 break;
966a09fa 1004 case 4:
c921370b 1005 trace_lsi_do_msgout_ignored("PPR");
966a09fa
GK		 1006 lsi_skip_msgbytes(s, 5);
1007 break;
a917d384
PB		 1008 default:
1009 goto bad;
1010 }
1011 break;
1012 case 0x20: /* SIMPLE queue */
af12ac98 1013 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
c921370b 1014 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff);
a917d384
PB		 1015 break;
1016 case 0x21: /* HEAD of queue */
c921370b 1017 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n");
af12ac98 1018 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
a917d384
PB		 1019 break;
1020 case 0x22: /* ORDERED queue */
c921370b
MCA		 1021 qemu_log_mask(LOG_UNIMP,
1022 "lsi_scsi: ORDERED queue not implemented\n");
af12ac98 1023 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
a917d384 1024 break;
508240c0
BK		 1025 case 0x0d:
1026 /* The ABORT TAG message clears the current I/O process only. */
c921370b 1027 trace_lsi_do_msgout_abort(current_tag);
5c6c0e51 1028 if (current_req) {
94d3f98a 1029 scsi_req_cancel(current_req->req);
5c6c0e51 1030 }
508240c0
BK		 1031 lsi_disconnect(s);
1032 break;
1033 case 0x06:
1034 case 0x0e:
1035 case 0x0c:
1036 /* The ABORT message clears all I/O processes for the selecting
1037 initiator on the specified logical unit of the target. */
1038 if (msg == 0x06) {
c921370b 1039 trace_lsi_do_msgout_abort(current_tag);
508240c0
BK		 1040 }
1041 /* The CLEAR QUEUE message clears all I/O processes for all
1042 initiators on the specified logical unit of the target. */
1043 if (msg == 0x0e) {
c921370b 1044 trace_lsi_do_msgout_clearqueue(current_tag);
508240c0
BK		 1045 }
1046 /* The BUS DEVICE RESET message clears all I/O processes for all
1047 initiators on all logical units of the target. */
1048 if (msg == 0x0c) {
c921370b 1049 trace_lsi_do_msgout_busdevicereset(current_tag);
508240c0
BK		 1050 }
1051
1052 /* clear the current I/O process */
5c6c0e51 1053 if (s->current) {
94d3f98a 1054 scsi_req_cancel(s->current->req);
5c6c0e51 1055 }
508240c0
BK		 1056
1057 /* As the current implemented devices scsi_disk and scsi_generic
1058 only support one LUN, we don't need to keep track of LUNs.
1059 Clearing I/O processes for other initiators could be possible
1060 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
1061 device, but this is currently not implemented (and seems not
1062 to be really necessary). So let's simply clear all queued
1063 commands for the current device: */
508240c0 1064 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
a6c6f44a 1065 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
94d3f98a 1066 scsi_req_cancel(p->req);
508240c0
BK		 1067 }
1068 }
1069
1070 lsi_disconnect(s);
1071 break;
a917d384
PB		 1072 default:
1073 if ((msg & 0x80) == 0) {
1074 goto bad;
1075 }
1076 s->current_lun = msg & 7;
c921370b 1077 trace_lsi_do_msgout_select(s->current_lun);
a917d384
PB		 1078 lsi_set_phase(s, PHASE_CMD);
1079 break;
1080 }
7d8406be 1081 }
a917d384
PB		 1082 return;
1083bad:
c921370b 1084 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg);
a917d384
PB		 1085 lsi_set_phase(s, PHASE_MI);
1086 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
4ae63d37 1087 s->msg_action = LSI_MSG_ACTION_COMMAND;
7d8406be
PB		 1088}
1089
e20a8dff 1090#define LSI_BUF_SIZE 4096
7d8406be
PB		 1091static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1092{
1093 int n;
e20a8dff 1094 uint8_t buf[LSI_BUF_SIZE];
7d8406be 1095
c921370b 1096 trace_lsi_memcpy(dest, src, count);
7d8406be 1097 while (count) {
e20a8dff 1098 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
a8632434
HP		 1099 lsi_mem_read(s, src, buf, n);
1100 lsi_mem_write(s, dest, buf, n);
7d8406be
PB		 1101 src += n;
1102 dest += n;
1103 count -= n;
1104 }
1105}
1106
a917d384
PB		 1107static void lsi_wait_reselect(LSIState *s)
1108{
042ec49d
GH		 1109 lsi_request *p;
1110
c921370b 1111 trace_lsi_wait_reselect();
042ec49d 1112
56333e69
GK		 1113 if (s->current) {
1114 return;
1115 }
1116 p = get_pending_req(s);
1117 if (p) {
1118 lsi_reselect(s, p);
a917d384 1119 }
b96a0da0 1120 if (s->current == NULL) {
f08ec2b8 1121 s->waiting = LSI_WAIT_RESELECT;
a917d384
PB		 1122 }
1123}
1124
7d8406be
PB		 1125static void lsi_execute_script(LSIState *s)
1126{
725eec70 1127 PCIDevice *pci_dev = PCI_DEVICE(s);
7d8406be 1128 uint32_t insn;
b25cf589 1129 uint32_t addr, addr_high;
7d8406be 1130 int opcode;
ee4d919f 1131 int insn_processed = 0;
7d8406be
PB		 1132
1133 s->istat1 |= LSI_ISTAT1_SRUN;
1134again:
ee4d919f 1135 insn_processed++;
7d8406be 1136 insn = read_dword(s, s->dsp);
02b373ad
AZ		 1137 if (!insn) {
1138 /* If we receive an empty opcode increment the DSP by 4 bytes
1139 instead of 8 and execute the next opcode at that location */
1140 s->dsp += 4;
1141 goto again;
1142 }
7d8406be 1143 addr = read_dword(s, s->dsp + 4);
b25cf589 1144 addr_high = 0;
c921370b 1145 trace_lsi_execute_script(s->dsp, insn, addr);
7d8406be
PB		 1146 s->dsps = addr;
1147 s->dcmd = insn >> 24;
1148 s->dsp += 8;
1149 switch (insn >> 30) {
1150 case 0: /* Block move. */
1151 if (s->sist1 & LSI_SIST1_STO) {
c921370b 1152 trace_lsi_execute_script_blockmove_delayed();
7d8406be
PB		 1153 lsi_stop_script(s);
1154 break;
1155 }
1156 s->dbc = insn & 0xffffff;
1157 s->rbc = s->dbc;
dd8edf01
AL		 1158 /* ??? Set ESA. */
1159 s->ia = s->dsp - 8;
7d8406be
PB		 1160 if (insn & (1 << 29)) {
1161 /* Indirect addressing. */
1162 addr = read_dword(s, addr);
1163 } else if (insn & (1 << 28)) {
1164 uint32_t buf[2];
1165 int32_t offset;
1166 /* Table indirect addressing. */
dd8edf01
AL		 1167
1168 /* 32-bit Table indirect */
92794105 1169 offset = sextract32(addr, 0, 24);
725eec70 1170 pci_dma_read(pci_dev, s->dsa + offset, buf, 8);
b25cf589
AL		 1171 /* byte count is stored in bits 0:23 only */
1172 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
7faa239c 1173 s->rbc = s->dbc;
7d8406be 1174 addr = cpu_to_le32(buf[1]);
b25cf589
AL		 1175
1176 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1177 * table, bits [31:24] */
1178 if (lsi_dma_40bit(s))
1179 addr_high = cpu_to_le32(buf[0]) >> 24;
dd8edf01
AL		 1180 else if (lsi_dma_ti64bit(s)) {
1181 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1182 switch (selector) {
1183 case 0 ... 0x0f:
1184 /* offset index into scratch registers since
1185 * TI64 mode can use registers C to R */
1186 addr_high = s->scratch[2 + selector];
1187 break;
1188 case 0x10:
1189 addr_high = s->mmrs;
1190 break;
1191 case 0x11:
1192 addr_high = s->mmws;
1193 break;
1194 case 0x12:
1195 addr_high = s->sfs;
1196 break;
1197 case 0x13:
1198 addr_high = s->drs;
1199 break;
1200 case 0x14:
1201 addr_high = s->sbms;
1202 break;
1203 case 0x15:
1204 addr_high = s->dbms;
1205 break;
1206 default:
c921370b
MCA		 1207 qemu_log_mask(LOG_GUEST_ERROR,
1208 "lsi_scsi: Illegal selector specified (0x%x > 0x15) "
1209 "for 64-bit DMA block move", selector);
dd8edf01
AL		 1210 break;
1211 }
1212 }
1213 } else if (lsi_dma_64bit(s)) {
1214 /* fetch a 3rd dword if 64-bit direct move is enabled and
1215 only if we're not doing table indirect or indirect addressing */
1216 s->dbms = read_dword(s, s->dsp);
1217 s->dsp += 4;
1218 s->ia = s->dsp - 12;
7d8406be
PB		 1219 }
1220 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
82cf2bcf
SS		 1221 trace_lsi_execute_script_blockmove_badphase(
1222 scsi_phase_name(s->sstat1),
1223 scsi_phase_name(insn >> 24));
7d8406be
PB		 1224 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1225 break;
1226 }
1227 s->dnad = addr;
b25cf589 1228 s->dnad64 = addr_high;
7d8406be
PB		 1229 switch (s->sstat1 & 0x7) {
1230 case PHASE_DO:
f08ec2b8 1231 s->waiting = LSI_DMA_SCRIPTS;
7d8406be 1232 lsi_do_dma(s, 1);
a917d384 1233 if (s->waiting)
f08ec2b8 1234 s->waiting = LSI_DMA_IN_PROGRESS;
7d8406be
PB		 1235 break;
1236 case PHASE_DI:
f08ec2b8 1237 s->waiting = LSI_DMA_SCRIPTS;
7d8406be 1238 lsi_do_dma(s, 0);
a917d384 1239 if (s->waiting)
f08ec2b8 1240 s->waiting = LSI_DMA_IN_PROGRESS;
7d8406be
PB		 1241 break;
1242 case PHASE_CMD:
1243 lsi_do_command(s);
1244 break;
1245 case PHASE_ST:
1246 lsi_do_status(s);
1247 break;
1248 case PHASE_MO:
1249 lsi_do_msgout(s);
1250 break;
1251 case PHASE_MI:
1252 lsi_do_msgin(s);
1253 break;
1254 default:
82cf2bcf
SS		 1255 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n",
1256 scsi_phase_name(s->sstat1));
7d8406be
PB		 1257 }
1258 s->dfifo = s->dbc & 0xff;
1259 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1260 s->sbc = s->dbc;
1261 s->rbc -= s->dbc;
1262 s->ua = addr + s->dbc;
7d8406be
PB		 1263 break;
1264
1265 case 1: /* IO or Read/Write instruction. */
1266 opcode = (insn >> 27) & 7;
1267 if (opcode < 5) {
1268 uint32_t id;
1269
1270 if (insn & (1 << 25)) {
92794105 1271 id = read_dword(s, s->dsa + sextract32(insn, 0, 24));
7d8406be 1272 } else {
07a1bea8 1273 id = insn;
7d8406be
PB		 1274 }
1275 id = (id >> 16) & 0xf;
1276 if (insn & (1 << 26)) {
92794105 1277 addr = s->dsp + sextract32(addr, 0, 24);
7d8406be
PB		 1278 }
1279 s->dnad = addr;
1280 switch (opcode) {
1281 case 0: /* Select */
a917d384 1282 s->sdid = id;
38f5b2b8 1283 if (s->scntl1 & LSI_SCNTL1_CON) {
c921370b 1284 trace_lsi_execute_script_io_alreadyreselected();
38f5b2b8 1285 s->dsp = s->dnad;
a917d384
PB		 1286 break;
1287 }
7d8406be
PB		 1288 s->sstat0 |= LSI_SSTAT0_WOA;
1289 s->scntl1 &= ~LSI_SCNTL1_IARB;
0d3545e7 1290 if (!scsi_device_find(&s->bus, 0, id, 0)) {
64d56409 1291 lsi_bad_selection(s, id);
7d8406be
PB		 1292 break;
1293 }
c921370b
MCA		 1294 trace_lsi_execute_script_io_selected(id,
1295 insn & (1 << 3) ? " ATN" : "");
7d8406be
PB		 1296 /* ??? Linux drivers compain when this is set. Maybe
1297 it only applies in low-level mode (unimplemented).
1298 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
af12ac98 1299 s->select_tag = id << 8;
7d8406be
PB		 1300 s->scntl1 |= LSI_SCNTL1_CON;
1301 if (insn & (1 << 3)) {
1302 s->socl |= LSI_SOCL_ATN;
12dd89f7 1303 s->sbcl |= LSI_SBCL_ATN;
7d8406be 1304 }
12dd89f7 1305 s->sbcl |= LSI_SBCL_BSY;
7d8406be 1306 lsi_set_phase(s, PHASE_MO);
f08ec2b8 1307 s->waiting = LSI_NOWAIT;
7d8406be
PB		 1308 break;
1309 case 1: /* Disconnect */
c921370b 1310 trace_lsi_execute_script_io_disconnect();
7d8406be 1311 s->scntl1 &= ~LSI_SCNTL1_CON;
56333e69
GK		 1312 /* FIXME: this is not entirely correct; the target need not ask
1313 * for reselection until it has to send data, while here we force a
1314 * reselection as soon as the bus is free. The correct flow would
1315 * reselect before lsi_transfer_data and disconnect as soon as
1316 * DMA ends.
1317 */
1318 if (!s->current) {
1319 lsi_request *p = get_pending_req(s);
1320 if (p) {
1321 lsi_reselect(s, p);
1322 }
1323 }
7d8406be
PB		 1324 break;
1325 case 2: /* Wait Reselect */
2265e98b
SS		 1326 if (s->istat0 & LSI_ISTAT0_SIGP) {
1327 s->dsp = s->dnad;
1328 } else if (!lsi_irq_on_rsl(s)) {
1329 lsi_wait_reselect(s);
e560125e 1330 }
7d8406be
PB		 1331 break;
1332 case 3: /* Set */
c921370b 1333 trace_lsi_execute_script_io_set(
7d8406be
PB		 1334 insn & (1 << 3) ? " ATN" : "",
1335 insn & (1 << 6) ? " ACK" : "",
1336 insn & (1 << 9) ? " TM" : "",
1337 insn & (1 << 10) ? " CC" : "");
1338 if (insn & (1 << 3)) {
1339 s->socl |= LSI_SOCL_ATN;
12dd89f7 1340 s->sbcl |= LSI_SBCL_ATN;
7d8406be
PB		 1341 lsi_set_phase(s, PHASE_MO);
1342 }
12dd89f7
SS		 1343
1344 if (insn & (1 << 6)) {
1345 s->sbcl |= LSI_SBCL_ACK;
1346 }
1347
7d8406be 1348 if (insn & (1 << 9)) {
c921370b
MCA		 1349 qemu_log_mask(LOG_UNIMP,
1350 "lsi_scsi: Target mode not implemented\n");
7d8406be
PB		 1351 }
1352 if (insn & (1 << 10))
1353 s->carry = 1;
1354 break;
1355 case 4: /* Clear */
c921370b 1356 trace_lsi_execute_script_io_clear(
7d8406be
PB		 1357 insn & (1 << 3) ? " ATN" : "",
1358 insn & (1 << 6) ? " ACK" : "",
1359 insn & (1 << 9) ? " TM" : "",
1360 insn & (1 << 10) ? " CC" : "");
1361 if (insn & (1 << 3)) {
1362 s->socl &= ~LSI_SOCL_ATN;
12dd89f7 1363 s->sbcl &= ~LSI_SBCL_ATN;
7d8406be 1364 }
12dd89f7
SS		 1365
1366 if (insn & (1 << 6)) {
1367 s->sbcl &= ~LSI_SBCL_ACK;
1368 }
1369
7d8406be
PB		 1370 if (insn & (1 << 10))
1371 s->carry = 0;
1372 break;
1373 }
1374 } else {
1375 uint8_t op0;
1376 uint8_t op1;
1377 uint8_t data8;
1378 int reg;
1379 int operator;
c921370b 1380
7d8406be
PB		 1381 static const char *opcode_names[3] =
1382 {"Write", "Read", "Read-Modify-Write"};
1383 static const char *operator_names[8] =
1384 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
7d8406be
PB		 1385
1386 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1387 data8 = (insn >> 8) & 0xff;
1388 opcode = (insn >> 27) & 7;
1389 operator = (insn >> 24) & 7;
c921370b 1390 trace_lsi_execute_script_io_opcode(
7d8406be 1391 opcode_names[opcode - 5], reg,
a917d384 1392 operator_names[operator], data8, s->sfbr,
7d8406be
PB		 1393 (insn & (1 << 23)) ? " SFBR" : "");
1394 op0 = op1 = 0;
1395 switch (opcode) {
1396 case 5: /* From SFBR */
1397 op0 = s->sfbr;
1398 op1 = data8;
1399 break;
1400 case 6: /* To SFBR */
1401 if (operator)
1402 op0 = lsi_reg_readb(s, reg);
1403 op1 = data8;
1404 break;
1405 case 7: /* Read-modify-write */
1406 if (operator)
1407 op0 = lsi_reg_readb(s, reg);
1408 if (insn & (1 << 23)) {
1409 op1 = s->sfbr;
1410 } else {
1411 op1 = data8;
1412 }
1413 break;
1414 }
1415
1416 switch (operator) {
1417 case 0: /* move */
1418 op0 = op1;
1419 break;
1420 case 1: /* Shift left */
1421 op1 = op0 >> 7;
1422 op0 = (op0 << 1) | s->carry;
1423 s->carry = op1;
1424 break;
1425 case 2: /* OR */
1426 op0 |= op1;
1427 break;
1428 case 3: /* XOR */
dcfb9014 1429 op0 ^= op1;
7d8406be
PB		 1430 break;
1431 case 4: /* AND */
1432 op0 &= op1;
1433 break;
1434 case 5: /* SHR */
1435 op1 = op0 & 1;
1436 op0 = (op0 >> 1) | (s->carry << 7);
687fa640 1437 s->carry = op1;
7d8406be
PB		 1438 break;
1439 case 6: /* ADD */
1440 op0 += op1;
1441 s->carry = op0 < op1;
1442 break;
1443 case 7: /* ADC */
1444 op0 += op1 + s->carry;
1445 if (s->carry)
1446 s->carry = op0 <= op1;
1447 else
1448 s->carry = op0 < op1;
1449 break;
1450 }
1451
1452 switch (opcode) {
1453 case 5: /* From SFBR */
1454 case 7: /* Read-modify-write */
1455 lsi_reg_writeb(s, reg, op0);
1456 break;
1457 case 6: /* To SFBR */
1458 s->sfbr = op0;
1459 break;
1460 }
1461 }
1462 break;
1463
1464 case 2: /* Transfer Control. */
1465 {
1466 int cond;
1467 int jmp;
1468
1469 if ((insn & 0x002e0000) == 0) {
c921370b 1470 trace_lsi_execute_script_tc_nop();
7d8406be
PB		 1471 break;
1472 }
1473 if (s->sist1 & LSI_SIST1_STO) {
c921370b 1474 trace_lsi_execute_script_tc_delayedselect_timeout();
7d8406be
PB		 1475 lsi_stop_script(s);
1476 break;
1477 }
1478 cond = jmp = (insn & (1 << 19)) != 0;
1479 if (cond == jmp && (insn & (1 << 21))) {
c921370b 1480 trace_lsi_execute_script_tc_compc(s->carry == jmp);
7d8406be
PB		 1481 cond = s->carry != 0;
1482 }
1483 if (cond == jmp && (insn & (1 << 17))) {
82cf2bcf
SS		 1484 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1),
1485 jmp ? '=' : '!', scsi_phase_name(insn >> 24));
7d8406be
PB		 1486 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1487 }
1488 if (cond == jmp && (insn & (1 << 18))) {
1489 uint8_t mask;
1490
1491 mask = (~insn >> 8) & 0xff;
c921370b 1492 trace_lsi_execute_script_tc_compd(
7d8406be
PB		 1493 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1494 cond = (s->sfbr & mask) == (insn & mask);
1495 }
1496 if (cond == jmp) {
1497 if (insn & (1 << 23)) {
1498 /* Relative address. */
92794105 1499 addr = s->dsp + sextract32(addr, 0, 24);
7d8406be
PB		 1500 }
1501 switch ((insn >> 27) & 7) {
1502 case 0: /* Jump */
c921370b 1503 trace_lsi_execute_script_tc_jump(addr);
6f84da3a 1504 s->adder = addr;
7d8406be
PB		 1505 s->dsp = addr;
1506 break;
1507 case 1: /* Call */
c921370b 1508 trace_lsi_execute_script_tc_call(addr);
7d8406be
PB		 1509 s->temp = s->dsp;
1510 s->dsp = addr;
1511 break;
1512 case 2: /* Return */
c921370b 1513 trace_lsi_execute_script_tc_return(s->temp);
7d8406be
PB		 1514 s->dsp = s->temp;
1515 break;
1516 case 3: /* Interrupt */
c921370b 1517 trace_lsi_execute_script_tc_interrupt(s->dsps);
7d8406be
PB		 1518 if ((insn & (1 << 20)) != 0) {
1519 s->istat0 |= LSI_ISTAT0_INTF;
1520 lsi_update_irq(s);
1521 } else {
1522 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1523 }
1524 break;
1525 default:
c921370b 1526 trace_lsi_execute_script_tc_illegal();
7d8406be
PB		 1527 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1528 break;
1529 }
1530 } else {
c921370b 1531 trace_lsi_execute_script_tc_cc_failed();
7d8406be
PB		 1532 }
1533 }
1534 break;
1535
1536 case 3:
1537 if ((insn & (1 << 29)) == 0) {
1538 /* Memory move. */
1539 uint32_t dest;
1540 /* ??? The docs imply the destination address is loaded into
1541 the TEMP register. However the Linux drivers rely on
1542 the value being presrved. */
1543 dest = read_dword(s, s->dsp);
1544 s->dsp += 4;
1545 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1546 } else {
1547 uint8_t data[7];
1548 int reg;
1549 int n;
1550 int i;
1551
1552 if (insn & (1 << 28)) {
92794105 1553 addr = s->dsa + sextract32(addr, 0, 24);
7d8406be
PB		 1554 }
1555 n = (insn & 7);
1556 reg = (insn >> 16) & 0xff;
1557 if (insn & (1 << 24)) {
725eec70 1558 pci_dma_read(pci_dev, addr, data, n);
c921370b 1559 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data);
7d8406be
PB		 1560 for (i = 0; i < n; i++) {
1561 lsi_reg_writeb(s, reg + i, data[i]);
1562 }
1563 } else {
c921370b 1564 trace_lsi_execute_script_mm_store(reg, n, addr);
7d8406be
PB		 1565 for (i = 0; i < n; i++) {
1566 data[i] = lsi_reg_readb(s, reg + i);
1567 }
725eec70 1568 pci_dma_write(pci_dev, addr, data, n);
7d8406be
PB		 1569 }
1570 }
1571 }
f08ec2b8 1572 if (insn_processed > 10000 && s->waiting == LSI_NOWAIT) {
64c68080
PB		 1573 /* Some windows drivers make the device spin waiting for a memory
1574 location to change. If we have been executed a lot of code then
1575 assume this is the case and force an unexpected device disconnect.
1576 This is apparently sufficient to beat the drivers into submission.
1577 */
c921370b
MCA		 1578 if (!(s->sien0 & LSI_SIST0_UDC)) {
1579 qemu_log_mask(LOG_GUEST_ERROR,
1580 "lsi_scsi: inf. loop with UDC masked");
1581 }
ee4d919f
AL		 1582 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1583 lsi_disconnect(s);
f08ec2b8 1584 } else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
7d8406be
PB		 1585 if (s->dcntl & LSI_DCNTL_SSM) {
1586 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1587 } else {
1588 goto again;
1589 }
1590 }
c921370b 1591 trace_lsi_execute_script_stop();
7d8406be
PB		 1592}
1593
1594static uint8_t lsi_reg_readb(LSIState *s, int offset)
1595{
64eb7491
HP		 1596 uint8_t ret;
1597
75f76531 1598#define CASE_GET_REG24(name, addr) \
64eb7491
HP		 1599 case addr: ret = s->name & 0xff; break; \
1600 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1601 case addr + 2: ret = (s->name >> 16) & 0xff; break;
75f76531 1602
7d8406be 1603#define CASE_GET_REG32(name, addr) \
64eb7491
HP		 1604 case addr: ret = s->name & 0xff; break; \
1605 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1606 case addr + 2: ret = (s->name >> 16) & 0xff; break; \
1607 case addr + 3: ret = (s->name >> 24) & 0xff; break;
7d8406be 1608
7d8406be
PB		 1609 switch (offset) {
1610 case 0x00: /* SCNTL0 */
64eb7491
HP		 1611 ret = s->scntl0;
1612 break;
7d8406be 1613 case 0x01: /* SCNTL1 */
64eb7491
HP		 1614 ret = s->scntl1;
1615 break;
7d8406be 1616 case 0x02: /* SCNTL2 */
64eb7491
HP		 1617 ret = s->scntl2;
1618 break;
7d8406be 1619 case 0x03: /* SCNTL3 */
64eb7491
HP		 1620 ret = s->scntl3;
1621 break;
7d8406be 1622 case 0x04: /* SCID */
64eb7491
HP		 1623 ret = s->scid;
1624 break;
7d8406be 1625 case 0x05: /* SXFER */
64eb7491
HP		 1626 ret = s->sxfer;
1627 break;
7d8406be 1628 case 0x06: /* SDID */
64eb7491
HP		 1629 ret = s->sdid;
1630 break;
7d8406be 1631 case 0x07: /* GPREG0 */
64eb7491
HP		 1632 ret = 0x7f;
1633 break;
985a03b0 1634 case 0x08: /* Revision ID */
64eb7491
HP		 1635 ret = 0x00;
1636 break;
6f84da3a 1637 case 0x09: /* SOCL */
64eb7491
HP		 1638 ret = s->socl;
1639 break;
a917d384 1640 case 0xa: /* SSID */
64eb7491
HP		 1641 ret = s->ssid;
1642 break;
7d8406be 1643 case 0xb: /* SBCL */
12dd89f7 1644 ret = s->sbcl;
64eb7491 1645 break;
7d8406be 1646 case 0xc: /* DSTAT */
64eb7491 1647 ret = s->dstat | LSI_DSTAT_DFE;
7d8406be
PB		 1648 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1649 s->dstat = 0;
1650 lsi_update_irq(s);
64eb7491 1651 break;
7d8406be 1652 case 0x0d: /* SSTAT0 */
64eb7491
HP		 1653 ret = s->sstat0;
1654 break;
7d8406be 1655 case 0x0e: /* SSTAT1 */
64eb7491
HP		 1656 ret = s->sstat1;
1657 break;
7d8406be 1658 case 0x0f: /* SSTAT2 */
64eb7491
HP		 1659 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1660 break;
7d8406be
PB		 1661 CASE_GET_REG32(dsa, 0x10)
1662 case 0x14: /* ISTAT0 */
64eb7491
HP		 1663 ret = s->istat0;
1664 break;
ecabe8cc 1665 case 0x15: /* ISTAT1 */
64eb7491
HP		 1666 ret = s->istat1;
1667 break;
7d8406be 1668 case 0x16: /* MBOX0 */
64eb7491
HP		 1669 ret = s->mbox0;
1670 break;
7d8406be 1671 case 0x17: /* MBOX1 */
64eb7491
HP		 1672 ret = s->mbox1;
1673 break;
7d8406be 1674 case 0x18: /* CTEST0 */
64eb7491
HP		 1675 ret = 0xff;
1676 break;
7d8406be 1677 case 0x19: /* CTEST1 */
64eb7491
HP		 1678 ret = 0;
1679 break;
7d8406be 1680 case 0x1a: /* CTEST2 */
64eb7491 1681 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
7d8406be
PB		 1682 if (s->istat0 & LSI_ISTAT0_SIGP) {
1683 s->istat0 &= ~LSI_ISTAT0_SIGP;
64eb7491 1684 ret |= LSI_CTEST2_SIGP;
7d8406be 1685 }
64eb7491 1686 break;
7d8406be 1687 case 0x1b: /* CTEST3 */
64eb7491
HP		 1688 ret = s->ctest3;
1689 break;
7d8406be
PB		 1690 CASE_GET_REG32(temp, 0x1c)
1691 case 0x20: /* DFIFO */
07163c99 1692 ret = s->dfifo;
64eb7491 1693 break;
7d8406be 1694 case 0x21: /* CTEST4 */
64eb7491
HP		 1695 ret = s->ctest4;
1696 break;
7d8406be 1697 case 0x22: /* CTEST5 */
64eb7491
HP		 1698 ret = s->ctest5;
1699 break;
985a03b0 1700 case 0x23: /* CTEST6 */
64eb7491
HP		 1701 ret = 0;
1702 break;
75f76531 1703 CASE_GET_REG24(dbc, 0x24)
7d8406be 1704 case 0x27: /* DCMD */
64eb7491
HP		 1705 ret = s->dcmd;
1706 break;
4b9a2d6d 1707 CASE_GET_REG32(dnad, 0x28)
7d8406be
PB		 1708 CASE_GET_REG32(dsp, 0x2c)
1709 CASE_GET_REG32(dsps, 0x30)
1710 CASE_GET_REG32(scratch[0], 0x34)
1711 case 0x38: /* DMODE */
64eb7491
HP		 1712 ret = s->dmode;
1713 break;
7d8406be 1714 case 0x39: /* DIEN */
64eb7491
HP		 1715 ret = s->dien;
1716 break;
bd8ee11a 1717 case 0x3a: /* SBR */
64eb7491
HP		 1718 ret = s->sbr;
1719 break;
7d8406be 1720 case 0x3b: /* DCNTL */
64eb7491
HP		 1721 ret = s->dcntl;
1722 break;
6f84da3a
PL		 1723 /* ADDER Output (Debug of relative jump address) */
1724 CASE_GET_REG32(adder, 0x3c)
7d8406be 1725 case 0x40: /* SIEN0 */
64eb7491
HP		 1726 ret = s->sien0;
1727 break;
7d8406be 1728 case 0x41: /* SIEN1 */
64eb7491
HP		 1729 ret = s->sien1;
1730 break;
7d8406be 1731 case 0x42: /* SIST0 */
64eb7491 1732 ret = s->sist0;
7d8406be
PB		 1733 s->sist0 = 0;
1734 lsi_update_irq(s);
64eb7491 1735 break;
7d8406be 1736 case 0x43: /* SIST1 */
64eb7491 1737 ret = s->sist1;
7d8406be
PB		 1738 s->sist1 = 0;
1739 lsi_update_irq(s);
64eb7491 1740 break;
9167a69a 1741 case 0x46: /* MACNTL */
64eb7491
HP		 1742 ret = 0x0f;
1743 break;
7d8406be 1744 case 0x47: /* GPCNTL0 */
64eb7491
HP		 1745 ret = 0x0f;
1746 break;
7d8406be 1747 case 0x48: /* STIME0 */
64eb7491
HP		 1748 ret = s->stime0;
1749 break;
7d8406be 1750 case 0x4a: /* RESPID0 */
64eb7491
HP		 1751 ret = s->respid0;
1752 break;
7d8406be 1753 case 0x4b: /* RESPID1 */
64eb7491
HP		 1754 ret = s->respid1;
1755 break;
7d8406be 1756 case 0x4d: /* STEST1 */
64eb7491
HP		 1757 ret = s->stest1;
1758 break;
7d8406be 1759 case 0x4e: /* STEST2 */
64eb7491
HP		 1760 ret = s->stest2;
1761 break;
7d8406be 1762 case 0x4f: /* STEST3 */
64eb7491
HP		 1763 ret = s->stest3;
1764 break;
a917d384
PB		 1765 case 0x50: /* SIDL */
1766 /* This is needed by the linux drivers. We currently only update it
1767 during the MSG IN phase. */
64eb7491
HP		 1768 ret = s->sidl;
1769 break;
7d8406be 1770 case 0x52: /* STEST4 */
64eb7491
HP		 1771 ret = 0xe0;
1772 break;
7d8406be 1773 case 0x56: /* CCNTL0 */
64eb7491
HP		 1774 ret = s->ccntl0;
1775 break;
7d8406be 1776 case 0x57: /* CCNTL1 */
64eb7491
HP		 1777 ret = s->ccntl1;
1778 break;
a917d384
PB		 1779 case 0x58: /* SBDL */
1780 /* Some drivers peek at the data bus during the MSG IN phase. */
e58ccf03
PP		 1781 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) {
1782 assert(s->msg_len > 0);
a917d384 1783 return s->msg[0];
e58ccf03 1784 }
64eb7491
HP		 1785 ret = 0;
1786 break;
a917d384 1787 case 0x59: /* SBDL high */
64eb7491
HP		 1788 ret = 0;
1789 break;
7d8406be
PB		 1790 CASE_GET_REG32(mmrs, 0xa0)
1791 CASE_GET_REG32(mmws, 0xa4)
1792 CASE_GET_REG32(sfs, 0xa8)
1793 CASE_GET_REG32(drs, 0xac)
1794 CASE_GET_REG32(sbms, 0xb0)
ab57d967 1795 CASE_GET_REG32(dbms, 0xb4)
7d8406be
PB		 1796 CASE_GET_REG32(dnad64, 0xb8)
1797 CASE_GET_REG32(pmjad1, 0xc0)
1798 CASE_GET_REG32(pmjad2, 0xc4)
1799 CASE_GET_REG32(rbc, 0xc8)
1800 CASE_GET_REG32(ua, 0xcc)
1801 CASE_GET_REG32(ia, 0xd4)
1802 CASE_GET_REG32(sbc, 0xd8)
1803 CASE_GET_REG32(csbc, 0xdc)
64eb7491
HP		 1804 case 0x5c ... 0x9f:
1805 {
7d8406be
PB		 1806 int n;
1807 int shift;
1808 n = (offset - 0x58) >> 2;
1809 shift = (offset & 3) * 8;
64eb7491
HP		 1810 ret = (s->scratch[n] >> shift) & 0xff;
1811 break;
1812 }
1813 default:
85a20bc4
HP		 1814 {
1815 qemu_log_mask(LOG_GUEST_ERROR,
1816 "lsi_scsi: invalid read from reg %s %x\n",
1817 offset < ARRAY_SIZE(names) ? names[offset] : "???",
1818 offset);
1819 ret = 0xff;
1820 break;
1821 }
7d8406be 1822 }
75f76531 1823#undef CASE_GET_REG24
7d8406be 1824#undef CASE_GET_REG32
64eb7491 1825
c921370b
MCA		 1826 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???",
1827 offset, ret);
64eb7491
HP		 1828
1829 return ret;
7d8406be
PB		 1830}
1831
1832static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1833{
49c47daa
SH		 1834#define CASE_SET_REG24(name, addr) \
1835 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1836 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1837 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1838
7d8406be
PB		 1839#define CASE_SET_REG32(name, addr) \
1840 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1841 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1842 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1843 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1844
c921370b
MCA		 1845 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???",
1846 offset, val);
1847
7d8406be
PB		 1848 switch (offset) {
1849 case 0x00: /* SCNTL0 */
1850 s->scntl0 = val;
1851 if (val & LSI_SCNTL0_START) {
c921370b
MCA		 1852 qemu_log_mask(LOG_UNIMP,
1853 "lsi_scsi: Start sequence not implemented\n");
7d8406be
PB		 1854 }
1855 break;
1856 case 0x01: /* SCNTL1 */
1857 s->scntl1 = val & ~LSI_SCNTL1_SST;
1858 if (val & LSI_SCNTL1_IARB) {
c921370b
MCA		 1859 qemu_log_mask(LOG_UNIMP,
1860 "lsi_scsi: Immediate Arbritration not implemented\n");
7d8406be
PB		 1861 }
1862 if (val & LSI_SCNTL1_RST) {
680a34ee 1863 if (!(s->sstat0 & LSI_SSTAT0_RST)) {
824755ba 1864 qbus_reset_all(BUS(&s->bus));
680a34ee
JK		 1865 s->sstat0 |= LSI_SSTAT0_RST;
1866 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1867 }
7d8406be
PB		 1868 } else {
1869 s->sstat0 &= ~LSI_SSTAT0_RST;
1870 }
1871 break;
1872 case 0x02: /* SCNTL2 */
1873 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
3d834c78 1874 s->scntl2 = val;
7d8406be
PB		 1875 break;
1876 case 0x03: /* SCNTL3 */
1877 s->scntl3 = val;
1878 break;
1879 case 0x04: /* SCID */
1880 s->scid = val;
1881 break;
1882 case 0x05: /* SXFER */
1883 s->sxfer = val;
1884 break;
a917d384 1885 case 0x06: /* SDID */
c7ac9f40 1886 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) {
c921370b
MCA		 1887 qemu_log_mask(LOG_GUEST_ERROR,
1888 "lsi_scsi: Destination ID does not match SSID\n");
c7ac9f40 1889 }
a917d384
PB		 1890 s->sdid = val & 0xf;
1891 break;
7d8406be
PB		 1892 case 0x07: /* GPREG0 */
1893 break;
a917d384
PB		 1894 case 0x08: /* SFBR */
1895 /* The CPU is not allowed to write to this register. However the
1896 SCRIPTS register move instructions are. */
1897 s->sfbr = val;
1898 break;
a15fdf86 1899 case 0x0a: case 0x0b:
9167a69a 1900 /* Openserver writes to these readonly registers on startup */
7d37435b 1901 return;
7d8406be
PB		 1902 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1903 /* Linux writes to these readonly registers on startup. */
1904 return;
1905 CASE_SET_REG32(dsa, 0x10)
1906 case 0x14: /* ISTAT0 */
1907 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1908 if (val & LSI_ISTAT0_ABRT) {
1909 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1910 }
1911 if (val & LSI_ISTAT0_INTF) {
1912 s->istat0 &= ~LSI_ISTAT0_INTF;
1913 lsi_update_irq(s);
1914 }
f08ec2b8 1915 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) {
c921370b 1916 trace_lsi_awoken();
f08ec2b8 1917 s->waiting = LSI_NOWAIT;
7d8406be
PB		 1918 s->dsp = s->dnad;
1919 lsi_execute_script(s);
1920 }
1921 if (val & LSI_ISTAT0_SRST) {
71186c86 1922 qdev_reset_all(DEVICE(s));
7d8406be 1923 }
92d88ecb 1924 break;
7d8406be
PB		 1925 case 0x16: /* MBOX0 */
1926 s->mbox0 = val;
92d88ecb 1927 break;
7d8406be
PB		 1928 case 0x17: /* MBOX1 */
1929 s->mbox1 = val;
92d88ecb 1930 break;
0903c35d
HP		 1931 case 0x18: /* CTEST0 */
1932 /* nothing to do */
1933 break;
9167a69a 1934 case 0x1a: /* CTEST2 */
7d37435b
PB		 1935 s->ctest2 = val & LSI_CTEST2_PCICIE;
1936 break;
7d8406be
PB		 1937 case 0x1b: /* CTEST3 */
1938 s->ctest3 = val & 0x0f;
1939 break;
1940 CASE_SET_REG32(temp, 0x1c)
1941 case 0x21: /* CTEST4 */
1942 if (val & 7) {
c921370b
MCA		 1943 qemu_log_mask(LOG_UNIMP,
1944 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val);
7d8406be
PB		 1945 }
1946 s->ctest4 = val;
1947 break;
1948 case 0x22: /* CTEST5 */
1949 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
c921370b
MCA		 1950 qemu_log_mask(LOG_UNIMP,
1951 "lsi_scsi: CTEST5 DMA increment not implemented\n");
7d8406be
PB		 1952 }
1953 s->ctest5 = val;
1954 break;
49c47daa 1955 CASE_SET_REG24(dbc, 0x24)
4b9a2d6d 1956 CASE_SET_REG32(dnad, 0x28)
3d834c78 1957 case 0x2c: /* DSP[0:7] */
7d8406be
PB		 1958 s->dsp &= 0xffffff00;
1959 s->dsp |= val;
1960 break;
3d834c78 1961 case 0x2d: /* DSP[8:15] */
7d8406be
PB		 1962 s->dsp &= 0xffff00ff;
1963 s->dsp |= val << 8;
1964 break;
3d834c78 1965 case 0x2e: /* DSP[16:23] */
7d8406be
PB		 1966 s->dsp &= 0xff00ffff;
1967 s->dsp |= val << 16;
1968 break;
3d834c78 1969 case 0x2f: /* DSP[24:31] */
7d8406be
PB		 1970 s->dsp &= 0x00ffffff;
1971 s->dsp |= val << 24;
1972 if ((s->dmode & LSI_DMODE_MAN) == 0
1973 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1974 lsi_execute_script(s);
1975 break;
1976 CASE_SET_REG32(dsps, 0x30)
1977 CASE_SET_REG32(scratch[0], 0x34)
1978 case 0x38: /* DMODE */
7d8406be
PB		 1979 s->dmode = val;
1980 break;
1981 case 0x39: /* DIEN */
1982 s->dien = val;
1983 lsi_update_irq(s);
1984 break;
bd8ee11a
SH		 1985 case 0x3a: /* SBR */
1986 s->sbr = val;
1987 break;
7d8406be
PB		 1988 case 0x3b: /* DCNTL */
1989 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1990 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1991 lsi_execute_script(s);
1992 break;
1993 case 0x40: /* SIEN0 */
1994 s->sien0 = val;
1995 lsi_update_irq(s);
1996 break;
1997 case 0x41: /* SIEN1 */
1998 s->sien1 = val;
1999 lsi_update_irq(s);
2000 break;
2001 case 0x47: /* GPCNTL0 */
2002 break;
2003 case 0x48: /* STIME0 */
2004 s->stime0 = val;
2005 break;
2006 case 0x49: /* STIME1 */
2007 if (val & 0xf) {
c921370b
MCA		 2008 qemu_log_mask(LOG_UNIMP,
2009 "lsi_scsi: General purpose timer not implemented\n");
7d8406be
PB		 2010 /* ??? Raising the interrupt immediately seems to be sufficient
2011 to keep the FreeBSD driver happy. */
2012 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
2013 }
2014 break;
2015 case 0x4a: /* RESPID0 */
2016 s->respid0 = val;
2017 break;
2018 case 0x4b: /* RESPID1 */
2019 s->respid1 = val;
2020 break;
2021 case 0x4d: /* STEST1 */
2022 s->stest1 = val;
2023 break;
2024 case 0x4e: /* STEST2 */
2025 if (val & 1) {
c921370b
MCA		 2026 qemu_log_mask(LOG_UNIMP,
2027 "lsi_scsi: Low level mode not implemented\n");
7d8406be
PB		 2028 }
2029 s->stest2 = val;
2030 break;
2031 case 0x4f: /* STEST3 */
2032 if (val & 0x41) {
c921370b
MCA		 2033 qemu_log_mask(LOG_UNIMP,
2034 "lsi_scsi: SCSI FIFO test mode not implemented\n");
7d8406be
PB		 2035 }
2036 s->stest3 = val;
2037 break;
2038 case 0x56: /* CCNTL0 */
2039 s->ccntl0 = val;
2040 break;
2041 case 0x57: /* CCNTL1 */
2042 s->ccntl1 = val;
2043 break;
2044 CASE_SET_REG32(mmrs, 0xa0)
2045 CASE_SET_REG32(mmws, 0xa4)
2046 CASE_SET_REG32(sfs, 0xa8)
2047 CASE_SET_REG32(drs, 0xac)
2048 CASE_SET_REG32(sbms, 0xb0)
ab57d967 2049 CASE_SET_REG32(dbms, 0xb4)
7d8406be
PB		 2050 CASE_SET_REG32(dnad64, 0xb8)
2051 CASE_SET_REG32(pmjad1, 0xc0)
2052 CASE_SET_REG32(pmjad2, 0xc4)
2053 CASE_SET_REG32(rbc, 0xc8)
2054 CASE_SET_REG32(ua, 0xcc)
2055 CASE_SET_REG32(ia, 0xd4)
2056 CASE_SET_REG32(sbc, 0xd8)
2057 CASE_SET_REG32(csbc, 0xdc)
2058 default:
2059 if (offset >= 0x5c && offset < 0xa0) {
2060 int n;
2061 int shift;
2062 n = (offset - 0x58) >> 2;
2063 shift = (offset & 3) * 8;
57ffcc4c 2064 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val);
7d8406be 2065 } else {
85a20bc4
HP		 2066 qemu_log_mask(LOG_GUEST_ERROR,
2067 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n",
2068 offset < ARRAY_SIZE(names) ? names[offset] : "???",
2069 offset, val);
7d8406be
PB		 2070 }
2071 }
49c47daa 2072#undef CASE_SET_REG24
7d8406be
PB		 2073#undef CASE_SET_REG32
2074}
2075
a8170e5e 2076static void lsi_mmio_write(void *opaque, hwaddr addr,
b0ce84e5 2077 uint64_t val, unsigned size)
7d8406be 2078{
eb40f984 2079 LSIState *s = opaque;
7d8406be
PB		 2080
2081 lsi_reg_writeb(s, addr & 0xff, val);
2082}
2083
a8170e5e 2084static uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
b0ce84e5 2085 unsigned size)
7d8406be 2086{
eb40f984 2087 LSIState *s = opaque;
7d8406be
PB		 2088 return lsi_reg_readb(s, addr & 0xff);
2089}
2090
b0ce84e5
AK		 2091static const MemoryRegionOps lsi_mmio_ops = {
2092 .read = lsi_mmio_read,
2093 .write = lsi_mmio_write,
e6c165f3 2094 .endianness = DEVICE_LITTLE_ENDIAN,
b0ce84e5
AK		 2095 .impl = {
2096 .min_access_size = 1,
2097 .max_access_size = 1,
2098 },
7d8406be
PB		 2099};
2100
a8170e5e 2101static void lsi_ram_write(void *opaque, hwaddr addr,
b0ce84e5 2102 uint64_t val, unsigned size)
7d8406be 2103{
eb40f984 2104 LSIState *s = opaque;
811a75ba 2105 stn_le_p(s->script_ram + addr, size, val);
7d8406be
PB		 2106}
2107
a8170e5e 2108static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
b0ce84e5 2109 unsigned size)
7d8406be 2110{
eb40f984 2111 LSIState *s = opaque;
811a75ba 2112 return ldn_le_p(s->script_ram + addr, size);
7d8406be
PB		 2113}
2114
b0ce84e5
AK		 2115static const MemoryRegionOps lsi_ram_ops = {
2116 .read = lsi_ram_read,
2117 .write = lsi_ram_write,
e6c165f3 2118 .endianness = DEVICE_LITTLE_ENDIAN,
7d8406be
PB		 2119};
2120
a8170e5e 2121static uint64_t lsi_io_read(void *opaque, hwaddr addr,
b0ce84e5 2122 unsigned size)
7d8406be 2123{
eb40f984 2124 LSIState *s = opaque;
7d8406be
PB		 2125 return lsi_reg_readb(s, addr & 0xff);
2126}
2127
a8170e5e 2128static void lsi_io_write(void *opaque, hwaddr addr,
b0ce84e5 2129 uint64_t val, unsigned size)
7d8406be 2130{
eb40f984 2131 LSIState *s = opaque;
7d8406be
PB		 2132 lsi_reg_writeb(s, addr & 0xff, val);
2133}
2134
b0ce84e5
AK		 2135static const MemoryRegionOps lsi_io_ops = {
2136 .read = lsi_io_read,
2137 .write = lsi_io_write,
e6c165f3 2138 .endianness = DEVICE_LITTLE_ENDIAN,
b0ce84e5
AK		 2139 .impl = {
2140 .min_access_size = 1,
2141 .max_access_size = 1,
2142 },
2143};
7d8406be 2144
54eefd72
JK		 2145static void lsi_scsi_reset(DeviceState *dev)
2146{
71186c86 2147 LSIState *s = LSI53C895A(dev);
54eefd72
JK		 2148
2149 lsi_soft_reset(s);
2150}
2151
44b1ff31 2152static int lsi_pre_save(void *opaque)
777aec7a
N		 2153{
2154 LSIState *s = opaque;
2155
b96a0da0
GH		 2156 if (s->current) {
2157 assert(s->current->dma_buf == NULL);
2158 assert(s->current->dma_len == 0);
2159 }
042ec49d 2160 assert(QTAILQ_EMPTY(&s->queue));
44b1ff31
DDAG		 2161
2162 return 0;
777aec7a
N		 2163}
2164
e58ccf03
PP		 2165static int lsi_post_load(void *opaque, int version_id)
2166{
2167 LSIState *s = opaque;
2168
2169 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) {
2170 return -EINVAL;
2171 }
2172
2173 return 0;
2174}
2175
4a1b0f1c
JQ		 2176static const VMStateDescription vmstate_lsi_scsi = {
2177 .name = "lsiscsi",
12dd89f7 2178 .version_id = 1,
4a1b0f1c 2179 .minimum_version_id = 0,
4a1b0f1c 2180 .pre_save = lsi_pre_save,
e58ccf03 2181 .post_load = lsi_post_load,
d49805ae 2182 .fields = (VMStateField[]) {
725eec70 2183 VMSTATE_PCI_DEVICE(parent_obj, LSIState),
4a1b0f1c
JQ		 2184
2185 VMSTATE_INT32(carry, LSIState),
2f172849 2186 VMSTATE_INT32(status, LSIState),
4a1b0f1c
JQ		 2187 VMSTATE_INT32(msg_action, LSIState),
2188 VMSTATE_INT32(msg_len, LSIState),
2189 VMSTATE_BUFFER(msg, LSIState),
2190 VMSTATE_INT32(waiting, LSIState),
2191
2192 VMSTATE_UINT32(dsa, LSIState),
2193 VMSTATE_UINT32(temp, LSIState),
2194 VMSTATE_UINT32(dnad, LSIState),
2195 VMSTATE_UINT32(dbc, LSIState),
2196 VMSTATE_UINT8(istat0, LSIState),
2197 VMSTATE_UINT8(istat1, LSIState),
2198 VMSTATE_UINT8(dcmd, LSIState),
2199 VMSTATE_UINT8(dstat, LSIState),
2200 VMSTATE_UINT8(dien, LSIState),
2201 VMSTATE_UINT8(sist0, LSIState),
2202 VMSTATE_UINT8(sist1, LSIState),
2203 VMSTATE_UINT8(sien0, LSIState),
2204 VMSTATE_UINT8(sien1, LSIState),
2205 VMSTATE_UINT8(mbox0, LSIState),
2206 VMSTATE_UINT8(mbox1, LSIState),
2207 VMSTATE_UINT8(dfifo, LSIState),
2208 VMSTATE_UINT8(ctest2, LSIState),
2209 VMSTATE_UINT8(ctest3, LSIState),
2210 VMSTATE_UINT8(ctest4, LSIState),
2211 VMSTATE_UINT8(ctest5, LSIState),
2212 VMSTATE_UINT8(ccntl0, LSIState),
2213 VMSTATE_UINT8(ccntl1, LSIState),
2214 VMSTATE_UINT32(dsp, LSIState),
2215 VMSTATE_UINT32(dsps, LSIState),
2216 VMSTATE_UINT8(dmode, LSIState),
2217 VMSTATE_UINT8(dcntl, LSIState),
2218 VMSTATE_UINT8(scntl0, LSIState),
2219 VMSTATE_UINT8(scntl1, LSIState),
2220 VMSTATE_UINT8(scntl2, LSIState),
2221 VMSTATE_UINT8(scntl3, LSIState),
2222 VMSTATE_UINT8(sstat0, LSIState),
2223 VMSTATE_UINT8(sstat1, LSIState),
2224 VMSTATE_UINT8(scid, LSIState),
2225 VMSTATE_UINT8(sxfer, LSIState),
2226 VMSTATE_UINT8(socl, LSIState),
2227 VMSTATE_UINT8(sdid, LSIState),
2228 VMSTATE_UINT8(ssid, LSIState),
2229 VMSTATE_UINT8(sfbr, LSIState),
2230 VMSTATE_UINT8(stest1, LSIState),
2231 VMSTATE_UINT8(stest2, LSIState),
2232 VMSTATE_UINT8(stest3, LSIState),
2233 VMSTATE_UINT8(sidl, LSIState),
2234 VMSTATE_UINT8(stime0, LSIState),
2235 VMSTATE_UINT8(respid0, LSIState),
2236 VMSTATE_UINT8(respid1, LSIState),
12dd89f7 2237 VMSTATE_UINT8_V(sbcl, LSIState, 1),
4a1b0f1c
JQ		 2238 VMSTATE_UINT32(mmrs, LSIState),
2239 VMSTATE_UINT32(mmws, LSIState),
2240 VMSTATE_UINT32(sfs, LSIState),
2241 VMSTATE_UINT32(drs, LSIState),
2242 VMSTATE_UINT32(sbms, LSIState),
2243 VMSTATE_UINT32(dbms, LSIState),
2244 VMSTATE_UINT32(dnad64, LSIState),
2245 VMSTATE_UINT32(pmjad1, LSIState),
2246 VMSTATE_UINT32(pmjad2, LSIState),
2247 VMSTATE_UINT32(rbc, LSIState),
2248 VMSTATE_UINT32(ua, LSIState),
2249 VMSTATE_UINT32(ia, LSIState),
2250 VMSTATE_UINT32(sbc, LSIState),
2251 VMSTATE_UINT32(csbc, LSIState),
2252 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2253 VMSTATE_UINT8(sbr, LSIState),
2254
811a75ba 2255 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192),
4a1b0f1c 2256 VMSTATE_END_OF_LIST()
777aec7a 2257 }
4a1b0f1c 2258};
777aec7a 2259
afd4030c
PB		 2260static const struct SCSIBusInfo lsi_scsi_info = {
2261 .tcq = true,
7e0380b9
PB		 2262 .max_target = LSI_MAX_DEVS,
2263 .max_lun = 0, /* LUN support is buggy */
afd4030c 2264
c6df7102 2265 .transfer_data = lsi_transfer_data,
94d3f98a
PB		 2266 .complete = lsi_command_complete,
2267 .cancel = lsi_request_cancelled
cfdc1bb0
PB		 2268};
2269
ae071cc8 2270static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
7d8406be 2271{
71186c86
PC		 2272 LSIState *s = LSI53C895A(dev);
2273 DeviceState *d = DEVICE(dev);
deb54399 2274 uint8_t *pci_conf;
7d8406be 2275
725eec70 2276 pci_conf = dev->config;
deb54399 2277
9167a69a 2278 /* PCI latency timer = 255 */
5845f0e5 2279 pci_conf[PCI_LATENCY_TIMER] = 0xff;
817e0b6f 2280 /* Interrupt pin A */
5845f0e5 2281 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
7d8406be 2282
29776739
PB		 2283 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s,
2284 "lsi-mmio", 0x400);
2285 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s,
2286 "lsi-ram", 0x2000);
2287 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
2288 "lsi-io", 256);
b0ce84e5 2289
a8632434 2290 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
3cc1b9cb 2291 qdev_init_gpio_out(d, &s->ext_irq, 1);
a8632434 2292
725eec70 2293 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
16b8ed1d 2294 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
725eec70 2295 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
042ec49d 2296 QTAILQ_INIT(&s->queue);
7d8406be 2297
b1187b51 2298 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL);
7d8406be 2299}
9be5dafe 2300
a8632434
HP		 2301static void lsi_scsi_unrealize(DeviceState *dev, Error **errp)
2302{
2303 LSIState *s = LSI53C895A(dev);
2304
2305 address_space_destroy(&s->pci_io_as);
2306}
2307
40021f08
AL		 2308static void lsi_class_init(ObjectClass *klass, void *data)
2309{
39bffca2 2310 DeviceClass *dc = DEVICE_CLASS(klass);
40021f08
AL		 2311 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2312
ae071cc8 2313 k->realize = lsi_scsi_realize;
40021f08
AL		 2314 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2315 k->device_id = PCI_DEVICE_ID_LSI_53C895A;
2316 k->class_id = PCI_CLASS_STORAGE_SCSI;
2317 k->subsystem_id = 0x1000;
a8632434 2318 dc->unrealize = lsi_scsi_unrealize;
39bffca2
AL		 2319 dc->reset = lsi_scsi_reset;
2320 dc->vmsd = &vmstate_lsi_scsi;
125ee0ed 2321 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
40021f08
AL		 2322}
2323
8c43a6f0 2324static const TypeInfo lsi_info = {
71186c86 2325 .name = TYPE_LSI53C895A,
39bffca2
AL		 2326 .parent = TYPE_PCI_DEVICE,
2327 .instance_size = sizeof(LSIState),
2328 .class_init = lsi_class_init,
fd3b02c8
EH		 2329 .interfaces = (InterfaceInfo[]) {
2330 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
2331 { },
2332 },
0aab0d3a
GH		 2333};
2334
ceae18bd
HP		 2335static void lsi53c810_class_init(ObjectClass *klass, void *data)
2336{
2337 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2338
2339 k->device_id = PCI_DEVICE_ID_LSI_53C810;
2340}
2341
2342static TypeInfo lsi53c810_info = {
2343 .name = TYPE_LSI53C810,
2344 .parent = TYPE_LSI53C895A,
2345 .class_init = lsi53c810_class_init,
2346};
2347
83f7d43a 2348static void lsi53c895a_register_types(void)
9be5dafe 2349{
39bffca2 2350 type_register_static(&lsi_info);
ceae18bd 2351 type_register_static(&lsi53c810_info);
9be5dafe
PB		 2352}
2353
83f7d43a 2354type_init(lsi53c895a_register_types)
a64aa578 2355
f74a4f3a
MCA		 2356void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev)
2357{
2358 LSIState *s = LSI53C895A(lsi_dev);
2359
2360 scsi_bus_legacy_handle_cmdline(&s->bus);
2361}
Empty description
This page took 1.363241 seconds and 4 git commands to generate.